How to read an OpenSSL cipher suite list

Jeff asked:

hMailserver is an open source Window e-mail server. For incoming e-mail it supports STARTTLS with the help of OpenSSL 1.1.1.
It allows configuring the cipher suites, the default is:

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:
kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:
ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:
DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:
AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:
AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;

I wanted to disable AES256-GCM-SHA384 but after removing it, the cipher suite was still offered for STARTTLS (according to test site https://internet.nl)

In the end I had to remove AES128, AES256 and HIGH to stop AES256-GCM-SHA384 from appearing on STARTTLS.

How should I read this OpenSSL configuration setting? On the last line AES128 en AES256 are mentioned standalone. Doesn’t this mean that any cipher with AES128 or AES256 will be allowed making the long list before that quite redundant?
The same goes for the HIGH, doesn’t that make mentioning a lot of the other cipher suites redundant?